EKS Cluster Encryption Disabled

  • Query id: 63ebcb19-2739-4d3f-aa5c-e8bbb9b85281
  • Query name: EKS Cluster Encryption Disabled
  • Platform: Terraform
  • Severity: High
  • Category: Encryption
  • URL: Github

Description

EKS Cluster should be encrypted
Documentation

Code samples

Code samples with security vulnerabilities

Postitive test num. 1 - tf file
variable "cluster_name" {
  default = "example"
  type    = string
}

resource "aws_eks_cluster" "positive1" {
  depends_on = [aws_cloudwatch_log_group.example]
  name                      = var.cluster_name
}
Postitive test num. 2 - tf file
variable "cluster_name" {
  default = "example"
  type    = string
}

resource "aws_eks_cluster" "positive2" {
  depends_on = [aws_cloudwatch_log_group.example]
  name                      = var.cluster_name

  encryption_config {
    resources = ["s"]
    provider {
      key_arn = "test"
    }
  }
}

Code samples without security vulnerabilities

Negative test num. 1 - tf file
variable "cluster_name" {
  default = "example"
  type    = string
}

resource "aws_eks_cluster" "negative1" {
  depends_on = [aws_cloudwatch_log_group.example]
  name                      = var.cluster_name

  encryption_config {
    resources = ["secrets"]
    provider {
      key_arn = "test"
    }
  }
}